A vulnerability, which was classified as critical, was found in F5 BIG-IP and BIG-IP Next. This affects an unknown part of the component SSL Profile Handler. The manipulation leads to resource consumption.
This vulnerability is uniquely identified as CVE-2025-21087. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in F5 BIG-IP up to 17.1.1 and classified as critical. This issue affects some unknown processing of the component Message Routing Profile. The manipulation leads to resource consumption.
The identification of this vulnerability is CVE-2025-20058. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in F5 BIG-IP up to 16.1.4/17.1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Diameter Endpoint. The manipulation leads to missing release of resource.
This vulnerability is handled as CVE-2025-22891. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in F5 BIG-IP up to 17.1.1. It has been declared as critical. This vulnerability affects unknown code of the component URL Categorization. The manipulation leads to out-of-bounds read.
This vulnerability was named CVE-2025-24497. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, has been found in F5 BIG-IP. This issue affects some unknown processing of the component Configuration Utility. The manipulation leads to cross-site scripting.
The identification of this vulnerability is CVE-2025-24320. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in F5 BIG-IP up to 16.1.4/17.1.1 and classified as problematic. Affected by this issue is some unknown functionality of the component APM Access Policy Endpoint Inspection. The manipulation leads to insufficient verification of data authenticity.
This vulnerability is handled as CVE-2025-23415. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as critical has been found in F5 BIG-IP up to 17.1.1. This affects an unknown part of the component iControl REST Endpoint. The manipulation leads to command injection.
This vulnerability is uniquely identified as CVE-2025-23239. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
The North Korea-linked APT group Lazarus uses a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. Bitdefender researchers reported that the North Korea-linked Lazarus group uses fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. Scammers lure […]
Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. [...]